10 Quick Wins for IT Security and FISMA 2009 Compliance

Everyone in government today is concerned with cyber security. While FISMA requires federal agencies to enhance their security posture, it remains a daunting task. Despite standardization from NIST and others, what is missing is a pragmatic evaluation of what an agency can do quickly to substantially tighten their security.

The 80/20 rule applies: a number of requirements within FISMA and the NIST standards are fast and relatively simple to implement and significantly increase agency security, but they are not called out in any special way. These are "quick wins", and they can move your FISMA project beyond simply getting an "Authority To Operate" to actually increasing IT security quickly.

How to prioritize FISMA implementation to gain maximum return on your security investment

Background

The need to increase the security of government systems has become more pressing as cyber attacks from both foreign governments and individuals have mounted over the last few years. In addition, new technology such as the widespread use of USB mass storage devices has made the risk of deliberate theft, as well as accidental loss of data by insiders, even graver. A lot of important information can fit easily onto an 8GB storage device the size of a person's little finger. In addition, an infected USB device can bypass all the perimeter defenses and quickly infect an entire agency.

With the new Administration making cyber security a priority, the time is now to tighten IT security in government.

One challenge with FISMA is the sheer size of the requirement: NIST Special Publication 800-53 Revision 3, Security Controls for Federal Information Systems and Organizations, runs over 200 pages. To even reach the point of implementing security controls, a great deal of study, categorization and planning is required, making any FISMA project a multi-year affair. While the entire process is necessary for compliance, a top-down approach means the desired security benefits arrive only after a very long period of time.

The good news is there are specific sets of controls that can be implemented immediately, which security practitioners have recognized will substantially tighten security. These pragmatic controls don't require a big budget or an organizational paradigm shift and are highly effective. In this webinar we will look at the 10 that provide the best "value" - the greatest increase in security at the least cost in time and money.
